SOPA And Its Broad Regulation Of VPNs, Proxies And Other Important Tools

from the is-this-what-we-really-want? dept

There are so many scary parts to SOPA, it's taking some time to pull out all the pieces. One of the scarier parts of SOPA that isn't found in PROTECT IP, is the addition of a form of an "anti-circumvention" rule, which makes it illegal to try to get around any blockade on the US government's blacklist. Like the DMCA's dreadful anti-circumvention clause, this one is also vague and overly broad -- and would create problems for all sorts of legal services. The EFF is listing out some perfectly legal services that would suddenly be in legal crosshairs:

In this new bill, Hollywood has expanded its censorship ambitions. No longer content to just blacklist entries in the Domain Name System, this version targets software developers and distributors as well. It allows the Attorney General (doing Hollywood or trademark holders' bidding) to go after more or less anyone who provides or offers a product or service that could be used to get around DNS blacklisting orders. This language is clearly aimed at Mozilla, which took a principled stand in refusing to assist the Department of Homeland Security's efforts to censor the domain name system, but we are also concerned that it could affect the open source community, internet innovation, and software freedom more broadly:

Do you write or distribute VPN, proxy, privacy or anonymization software? You might have to build in a censorship mechanism — or find yourself in a legal fight with the United States Attorney General.

Even some of the most fundamental and widely used Internet security software, such as SSH, includes built-in proxy functionality. This kind of software is installed on hundreds of millions of computers, and is an indispensable tool for systems administration professionals, but it could easily become a target for censorship orders under the new bill.

Do you work with or distribute zone files for gTLDs? Want to keep them accurate? Too bad — Hollywood might argue that if you provide a complete (i.e., uncensored) list, you are illegally helping people bypass SOPA orders.

Want to write a client-side DNSSEC resolver that uses multiple servers until it finds a valid signed entry? Again, you could be in a fight with the U.S. Attorney General.

This is how the Great Firewall of China works as well -- by threatening service providers who don't help block with the idea that they might be liable if they don't figure out "some way" to block things. Then everyone scrambles to censor well beyond what is required under the law, just to avoid liability. The end result of this will make the internet significantly less secure. VPN providers will go out of business or be severely limited. This is exactly the opposite of the direction we should be moving in.

I can't wait for them do ban all of those!

As a cybercriminal they make my job much harder when I'm sniffing packets and penetrating networks. And don't even get me started on encryption...
Now all of your credit cards will belong to me! HAHAHAHA!

The difference between The Great Firewall of China and SOPA is simple: China doesn't have ICANN. The DHS has already taken down websites in other countries, that US law has no jurisdiction over, thanks to this. This means that, not only will sites in the US be screwed over due to SOPA, the DHS can simply strong-arm ICANN into screwing over foreign sites and companies that violate SOPA, even though US law has no jurisdiction in their countries. And since all of the major countries in the world still have the same anti-piracy stance, not a single finger will be lifted to stop this, aside from some diplomatic huffing and puffing and posturing that will amount to nothing.

SOPA has the potential to literally drag the world back into the 1950s in terms of technological progress.

If they outlaw VPNs.

It's like watching people perpetually living in the eye of a hurricane, where everything is calm and peaceful, without the vaguest idea what sort of damage the outer edges of the storm are doing, and then wondering why everyone else is panicking.

Techno-geeks can never see a down side to technology.

Look, on the one hand, you all know that you've NO privacy on the internet already. Google tracks you everywhere, but you don't worry about it because you think it's giving you free service, or even income directly. -- It'd probably be more accurate to say that those who like Google and the net overall see themselves as escaping the drawbacks, but don't want their own privileged status diluted so that they're subject to same limits on conduct as everyone else.

So I say this boils down to those who style themselves "computer cowboys" (by the way, Neil Young used that term in a song in 1980), see all their dodges and tricks and legal loopholes -- many of which have the direct purpose of escaping pesky copyright laws -- as under attack.

And, yes, SOPA is NOT going to be the end of demands. So long as "technology" increases, the legalities do too. That's the modernistic trap we're in, yet you puppies yell "Luddite!" at anyone who wants to stop the senseless increase of excesses. You're creating your own trap, plus going along with "cool" new ideas such as Google's tracking blithely unaware or even denying that it's ALL a trap.

Bottom line: it's going to become more difficult to hide illegal online activities, they'll just make the nets wider and more comprehensive. And yes, that's going to inconvenience all of us.

VPNs are a necessary product for nearly all corporate, military, and financial infrastructure. If this proposed censorship regime wants motivated, monied interests opposing them, outlawing VPNs seems like a good way to go about it.

Once you are on the other side of a VPN, especially if the exit is outside the United States, it's not possible to regulate the DNS.

Even within the United States, bypassing DNS blocking only requires the list of DNS entries to be blocked and it will be impossible to keep that list private since it must be distributed to all public and private DNS services to be effective.

Re: Techno-geeks can never see a down side to technology.

people will just go the vlc route (vlc is illegal in the us as it breaks dvd encryption, breaching the dmca) with their proxies and VPN software-distribute the software from a server abroad (or even peer to peer)

Re: Re: Techno-geeks can never see a down side to technology.

@Another AC, Nov 15th, 2011 @ 5:46pm

What I can't understand is, assuming you are right, why do you think that's a good thing?
-------------
Er, you don't specify, so I'll assume SOPA:
I say it's an inevitable reaction to rampant copyright infringement. I'm not for SOPA as such, though as a moral stance, taking "free" content instead of paying for it can't be widely tolerated, nor can it as a practical business matter for those who produce content. That aligns me with Big Media because I see the rightness of their essential point. Mike doesn't (and won't ever) have a valid business model that allows unchecked copying yet causes income to flow to the actual producers, not grifters who leverage the value of what others produce. I'm against grifting, so limiting it would be good. (I'm also for limiting how much especially the collection orginizations and its agents get by way of high personal tax rates: take the ridiculous "money for nothing" out of motives for mere entertainment.)

As for the trap of technology: it's self-evident. Computers can monitor everyone all the time; the dream of all police states is about to become real thanks to the proliferation of gadgets. Read Orwell now and update it with current technology. For instance, you no doubt carry a phone which gives your location continually; only a matter of time until the gov't gives you orders through it, as they tested recently with televisions. -- I don't see growing surveillance as a good thing, either, if you were confused.

Re: Techno-geeks can never see a down side to technology.

Look, on the one hand, you all know that you've NO privacy on the internet already. Google tracks you everywhere, but you don't worry about it because you think it's giving you free service, or even income directly.

Google doesn't track me. Anyone can opt out if they so choose. The tools are out there.

I reject your claim that there is no privacy on the internet. We have the privacy that we choose. More privacy might be slightly more inconvenient, but not much. The reason SOPA is such a bad thing is that it attempts to outlaw the tools for privacy without early judicial review and if my reading of previous precedent is correct, that is blatantly unconstitutional.

Your post reads like the future has already happened and is therefore inevitable. It attempts to breed despair and apathy into those whom oppose these measures. That technique will not work.

The fight is not over and we will not give up out of a misplaced sense of despair.

Re: "A Guy": "really don't understand how ... supposed to work."

It's conceptually simple: VPNs are administered by people. IF those people are determined -- or even believed -- to be deliberately -- or even unwittingly -- bypassing DNS blocks, then those people get tossed into jail. There may be intermediate stages, but that's the basic threat.

What's complained about here is the hypothetical "collateral damage". But as I see it, IF no measures are taken within VPNs to /insert/ dodges around the blocks, then I highly doubt that it'll be a a problem.

Eventually, hosts for infringing domains will shut down infringement, if only because of pressure from legitimate users. If that "chills" the surrounding areas of "speech", then it's probably fine with me: infringing links aren't actually speech, express no idea except: STEAL THIS FROM THOSE WHO MADE IT.

Re: Re: Re: Techno-geeks can never see a down side to technology.

I can understand your desire to limit infringement. My problem is those industries that make their living off a granted privilege keep making it more and more difficult for a consumer to enjoy the things they are making. If I go out and buy (lease..) a DVD why can't I also legally purchase some tools to take my lawfully purchased movie and put it in a format I can watch on a tablet for a plane trip? Nasty Pirates? No.. seems more like the various industries are missing out on making customers happy and a happy customer is a repeat buyer.

Re: Re: "A Guy": "really don't understand how ... supposed to work."

It's conceptually simple: VPNs are administered by people. IF those people are determined -- or even believed -- to be deliberately -- or even unwittingly -- bypassing DNS blocks, then those people get tossed into jail. There may be intermediate stages, but that's the basic threat.

VPNs outside the United States will not be constrained by our laws and I can bypass any DNS block from my personal computer without the need for a DNS server. Editing the hosts file is trivially simple.

Blocking foreign VPNs won't work because anyone savvy enough to know how to use a VPN will probably know how to use an IP address too.

This will only block those that don't really understand the technology. To me, that group seems to consist mainly of the bills authors and supporters, not the people they are trying to block.

Re: Re: Techno-geeks can never see a down side to technology.

@"A Guy": "Google doesn't track me."

Certainly it does. I was browsing my outgoing logs for curiosity just now and found TWO NEW Google parasites not in my hosts file.

If think you're "opted out" at Google itself: HA! First, that only applies when using Google products, THEY CLAIM. You've NO way of knowing. Second, even "opting out" gives them valuable information about you. Third, can't work unless you're uniquely identified from perhaps browser header or cookies. SO in order to "opt out", you have to first be known. -- And when you say well if not known, then you're not tracked: you are as much as possible.

But here's the clincher: try using Filesonic (for a definite known), WITHOUT allowing Google to run javascript AND track you. Can't be done. Google is almost impossible to avoid.

First thing to do in a battle is realistically gauge the enemy. Apparently, you /are/ blithe about Google, just as I said...

Re: Re: Re: Re: Techno-geeks can never see a down side to technology.

I would be more and more concerned about companies who make their livings off of deciding for artists and rights holders how their work is going to be given away, and how these companies are going to profit from it.

It's incredibly hard to "make the customer happy" when the first thing the customer does with his new "content product" is push it into his share folder and seed it. Giving them a perfect digital copy is more or less signing your own death warrant, because there will be more free copies than paid copies out there within minutes.

Take away the piracy factor makes it very much easier for producers to give you the content in multiple formats, or to give you an easier way to obtain it in different ways, because they know they aren't shooting themselves in the foot to do it.

We have never have this level of technology and an absence of widescale piracy since Napster. Isn't it time to try it the other way and see if it's better?

What you guys don't seem to get is that nobody is going to go after your work VPN - they are going to go after companies like TPB offering VPN services. The intent of these services is clear, and that is what they are trying to combat.

You have to remember that intent is important in all of this, companies advertising "cheap offshore hosting for your DVD rip seeding" are going to find themselves pretty much fucked.

So what if it is criminalized, is one thing to say something is a totally different matter to actually try it, I mean just look at piracy no matter how hard some people try to criminalize sharing, it is not stopping it and in fact legal action against the population proved counter-productive, so the idiots now want to hide behind others and try to make them appear to be the villains? oh, that will work, those people trying to pass the hot potato to others are just fools to say the least.

You people don't like dissent but will be dragged kicking and screaming to a point where you will have to accept it or fail.

"A Guy": "really don't understand how ... supposed to work."

Criminals use crowbars! Lets outlaw crowbars. What do you mean that's a bad idea???

What you guys don't seem to get is that nobody is going to go after your work crowbar - they are going to go after companies like Home Depot offering crowbars to criminals. The intent of these tools is clear, and that is what they are trying to combat.

You have to remember that intent is important in all of this, companies advertising "cheap crowbars for *all* of your crowbar needs" are going to find themselves pretty much fucked.

I understand that is what they say they are going after. However, there is no way to distinguish between legitimate services and what they are going after, save advertising.

A VPN is a dumb relay. It takes data and sends it to wherever the user tells it to. It receives a response and sends it back to the user. It does not control what DNS server you connect to. That is chosen by either the user or the ISP at the exit node.

Re: Re: Re: Re: Re: Techno-geeks can never see a down side to technology.

I'll go slowly, because you're apparently too stupid to get it still:

You cannot stop digital copies of ANY content from being created. It doesn't matter whether you offer the content theatrically, on vinyl, on parchment or stone tablet, if it can be perceived by human beings, a copy of it can be made and distributed digitally. Got that?

By refusing to do so yourself, all you do is create a market for those who can. Refuse to release a DVD in a region I can play? Pirates can. Refuse to let your DRM let me play my legally purchased content on the ebook reader or OS of my choosing? Pirates can. Refuse to offer an album in MP3 or FLAC in an attempt to try to force people to buy CDs they don't want? Pirates will release it themselves.

We can argue all day about the "morality" of downloading (which again, I do not do personally), but the fact is that if you're not offering a product in a format that the consumer can either access or desires, that's your failing. You lost the sale when you refused to meet the needs of your customer, not when the pirate fulfilled their needs instead.

Until you stop trying to force customers to buy things the way you want to supply it instead of the way they wish to pay for it, you've failed without piracy even being a factor. For example, it's been years since I bought a CD - too clunky, too easily damaged and they just sit in a cupboard after I rip it to MP3 anyway. Refuse to offer me a digital version? Fine, your choice, but you just lost a sale, no pirates involved. If you refuse to offer digital content for the fear that it will be pirated, you're a moron - the pirates still have their copies and legit customers can't buy from you either.

Prison

Currently, our prison population is made up of about 70% drug offenders, in our "War on Drugs".

We then followed up with the "War on Terror", so now people are being thrown in jails and not even allowed due process for this.

Here, we see right to action starting, so now you can be criminalized from being "Accused". So I guess we are starting our "War on Piracy".

So, if you can now be locked up without a judicial hearing for terrorism, how long before "Piracy promotes Terrorism" (Haven't we already heard that before?) so now, all these nasty pirates will be able to be thrown in jail just for posting a link to an MP3 file based on an accusation, without due process?

Not saying this is what is happening, just pointing out hyperbole to make others think rationally.

Re: Prison

I think that's the intent: criminalise everyone, so when someone says something you don't like, you can go after them (legally), have them thrown in jail and conveniently lose the key (due process) so they can never get out.

Re:

and all to protect one 'dying' industry, that is in fact making more profit now than it ever did, whilst shutting down thousands of other industries! my god!
question: when are governments going to learn?
answer: when things are well and truely screwed and cant be mended!

Re: Re: Re: Re: Re: Re: Re: Techno-geeks can never see a down side to technology.

Just John, I have been over this many times before:

They want your money - they just can't afford to come and get it. Legally providing the content into your country, getting a distributor, meeting all local rules for selling the product, etc... all to make 1 sale to you isn't worth it. You certainly aren't going to pay thousands of dollars for a DVD.

Here's the deal: It's not available where you are. Learn to live without it. Stop thinking that the lack of a market place (or your lack of ability to pay what it would cost to get it to you legally) justifies piracy. It does not.

You chose to move overseas. There are things you cannot get in your resident country now that you could get in the US, and conversely, you can get things in that country that you cannot get in the US.

Re: Re: Re: Re: Re: Re: Re: Re: Techno-geeks can never see a down side to technology.

"Legally providing the content into your country"

...is only restricted by the industry's own rules and regional licencing mantra. There's nothing to stop the **AAs offering digital content direct, just as Amazon can offer me a physical product without any problem (as long as you idiots haven't lost yourselves another sale by adding region codes).

"getting a distributor"

20 years ago, yes. Today, "getting a distributor" means "removing that stupid message that tells me the content is not available in my country". Other than your own blocks, there's no technical reason why I can't access content available in the US from exactly the same place.

"There are things you cannot get in your resident country now that you could get in the US, and conversely, you can get things in that country that you cannot get in the US."

OK. So, how exactly are people here "stealing" from you if you don't offer the product for sale in the first place?

Make up your mind, either you're losing money due to the pirates or you've opted not to offer the content to that market. Can't be both.

Hard Coded Host Table - ILLEGAL??

If I hard coded an IP into a host table to get around a DNS block and connected via SSL to a web page - wouldn't that be circumventing?? Even an SSL session could be construed as circumventing - so if I did connect SSL to a site, then it was blocked w/o a hearing or injunction - would I be guilty of circumventing because I had been encrypting my traffic. I could expect that any encryption would be circumventing if you want to take it that far.

As Richard Pryor said -- the American Just-us system for Just-us with lawyers ... or maybe they should rename this the "No-Lawyer Left Behind Act"

Locks only keep honest people out. You can't fix stupid.

When there is demand, supply will appear. The war on drugs is so successful right? That is a product that requires physical setup/transportation/distribution etc... digital products are several orders of magnitude easier to obtain/distribute. Same stupid mistakes over and over again. The only folks this will harm are innocent/honest people. Then some wonder wonder why we have such a low approval rating of politicians.

You can't fix stupid.... one of the few absolute truths left in the world.

Re: Re: Re: Re: Re: Re: Re: Re: Techno-geeks can never see a down side to technology.

>You chose to move overseas. There are things you cannot get in your resident country now that you could get in the US, and conversely, you can get things in that country that you cannot get in the US.

So the problem is with people who chose to get born in places outside of the US?

Sincerely, stick your hand up your ass and go fuck yourself, if that's your perspective in thinking the entire world is at fault for not being you.

Re: Re: Re: Re: Re: Re: Re: Re: Techno-geeks can never see a down side to technology.

I think others below have quite well elaborated my point.

You claim that because others are not in the US, they have no rights to it at all, and then the industries whine because they cannot stop those pesky "foreign rogue sites" from being pirates.

You just made my argument for me, thanks.
The others were also right, it is not "legal" issues that surround most of the distribution channel, it is the industries own fault. No one forced industry to put regional encoding. They made it, they chose it, and, they have to live with the pesky pirates that chose to get their content in ways not offered to them.

Guess until industries wake up to the demands of customers, they will just have to put up with the pesky pirates, because you will not stop them, period. It's a reality thing, maybe you should wake up to it.

In my mind, piracy is acceptable when no other options are being available, and your "Move to the US or don't watch" is not a viable option. Could care less if you agree with this or not, since this is not a "fact" matter, but your opinion against mine on what is morally right and wrong, and since it is not illegal where I live, that means that my moral compass is all that matters.

Sit back and enjoy the show.

What will happen if this gets implemented and thoroughly enforced :

Americans will buy VPN access to places abroad. It's already a booming industry and easily accessible. Get an IP outside the US , connect to it through a vpn server which you access over a secure ssl connection. Openvpn runs on TCP , UDP , it can be servered on any port , heck , with a 3rd party passthrough it can even look like html traffic.

I can list dozens of companies that sell this kind of product (I won't , I don't want this site to get banned because of me ROFL)

So , the workarounds to this bill already exist! They want to make vpn's in the US illegal with this bill but what would ever be the point in getting a US vpn account anyway ! You would want a UK , French , Australian .... etc one .. the idea is to get an IP from somewhere _outside_ the US , as not to be censored !

The effect for businesses : They will all relocate abroad , and the only booming business will be the VPN connections outside.

Next step , Ban outside VPN server ip's one by one ? That's on par with cutting all the cables that go out of or into the united states.

I for one am not worried about this bill . I am laughing my ass off looking at how american big industry are cutting the ground from under their feet. The little guy , in the end -taking a transitional periodinto account - has nothing to fear , every American has the right to set up shop everywhere , businesses will relocate , .com can be registered anywhere , nobody cares where servers are physically located. Taxes would be paid in other countries !

Piracy has evolved...and read this carefully .. not because previous methods didn't work anymore.. no , because the new methods are easier. The gnutella network still exists.. rated ftp servers still exist .. pirate bbs's over dial up became obsolete , they weren't eradicated... In a "worst case scenario" future I can imagine people flashing their routers with custom firmware to make city wide non government controlled wireless networks just because they can.. Possibilities are just endless . It takes 3 nerds and a 6pack to come up with the next method to distribute media. Why hasn't it happened you ask? It works fine for them like it does now , and you'd be surprised what's already running under the radar .. and what's _still_ running under the radar...

The thing that makes the video of all this so hilarious is .. it's a panel of 5 that barely know about the technical side (barely is fairly generous) trying to convince the house who don't have a clue to implement something that's purely technical in nature. They are also constantly merging 2 very separate things . Copyright and Trademark..
Ie , counterfeit goods and illegally distributed media.
Counterfit medicine , counterfit handbags , watches etc etc has much more in common with drug smuggling than pirated movies who are distributed for free ! There are ways to regulate both things , technically viable ones , I can imagine stores with on the fly burning of blurays with added tractability to the movie so the person pirating can be traced. I can imagine a boom for streamed media with advertising in it. But these things are very much unrelated with counterfeit goods !

I'm sure that each representative , has someone close to them that can sit in for them in these situations. When future generations will look at this , it will be on par with the trial of Galileo.

Also , internet , it's a network people ... You can't imagine what's _impossible_ to do with it !!! In it's most basic form , keeping IP level it can be shaped to do anything DNS , TCP, UDP are merely concepts that can be replaced . Any data traffic can be made to look like something else. A server with a function to "translate" alphabetical data into a number like DNS servers do can be made to look like a POP3 server , it can be made to look like a html server .. 80% of the IT industry doesn't have a notion of what's possible.. Politicians seem to have some crazy notion that it's tangible and can be owned. "It's like native Americans getting conned out of their land allover again !" that's what they're thinking ! I'll sell them mars ..

"All innovation is American..." "The Chinese are the biggest pirates ..." really , watch the video , these guys are beyond clueless and arrogant to boot.

Me ? More cynical , but not as down about this as everyone else I guess..

In reading that section of the bill, that only applies to providers, and not users. So if you subscribe to a VPN service, you are not breaking the law using it, but the provider is breaking the law providing it to you.

It is just like a foreiger visiting the United States. If said foreigner sets up his own private VPN on his PC at home before coming here, they not breaking the law, using their own private VPN, to bypass SOPA while they are here.

This is why the government will end up playing whack-a-mole. As one VPN is taken down, another will take its place. The US government will find this difficult to enforce.

Re:

The thing is , Americans wound be using foreign VPN's to bypass US censorship. Nobody wound be using US based VPN's.

As was said , cutting those off one by one would be on par with putting the US in isolation. Especially of those VPN providers worked with non-fixed IP. Every day hundreds ip's would be banned from the US.

An isolated censored united states based internet inaccessible from the rest of the world would be bad for business to say the least .. Not to mention completely ridiculous.

SOPA is just the next step in electronic surveillance. Tapping your phone isn`t simply enough for these people, they want to control your online social life too. I`m all for catching the "bad guys" that use Internet for theft, terrorism etc, but losing our right for privacy is really not the way to do it.

However, there are some Internet services that can make a difference . I used http://www.sunvpn.com/ a while back from China, basically it`s a service to unblock Internet restrictions, but one can also use it to hide Internet traffic (it supposedly encrypts all your traffic to the government can`t log everything you do anymore). I`m really thinking to use it on a regular basis, even when I don`t travel.